Was VersionOne affected by the CVE-2017-5638 Apache Struts Remote Code Execution?


The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before [1] mishandles file upload, which allows remote attackers to execute arbitrary commands via a <code>#cmd=</code> string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017 [2].


The VersionOne application itself does not use the Apache Struts 2 package; therefore, the application is not impacted.
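A statement like the one above can be checked against any deployment artifact by inventorying it for the Struts 2 core library. The following is an added example, not VersionOne's code: it assumes the library ships under its usual Maven jar name `struts2-core-<version>.jar`, scans a constructed in-memory archive, and reports 2.5.x jars for manual review because the 2.5.x fixed version is not stated on this page.

```python
import io
import re
import zipfile

# Maven artifact name of the Struts 2 core library: struts2-core-<version>.jar
JAR_RE = re.compile(r"(?:^|/)struts2-core-(\d+(?:\.\d+)*)\.jar$")
ARCHIVE_EXT = (".war", ".ear", ".jar", ".zip")

def classify(version):
    """Map a struts2-core version onto the ranges quoted in the CVE text."""
    parts = tuple(int(p) for p in version.split("."))
    if parts[:2] == (2, 3):
        return "affected" if parts < (2, 3, 32) else "fixed"
    if parts[:2] == (2, 5):
        return "check-advisory"  # 2.5.x fixed version is not stated on this page
    return "outside-listed-ranges"

def find_struts(data, prefix=""):
    """Recursively list struts2-core jars inside archive bytes (EAR/WAR/JAR/ZIP)."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            match = JAR_RE.search(name)
            if match:
                hits.append((prefix + name, match.group(1), classify(match.group(1))))
            elif name.lower().endswith(ARCHIVE_EXT):
                try:
                    hits += find_struts(zf.read(name), prefix + name + "!/")
                except zipfile.BadZipFile:
                    pass  # unreadable nested archive: skip, keep scanning
    return hits

def make_zip(entries):
    """Build a zip archive in memory from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def build_sample():
    """Constructed sample: an EAR whose nested WAR bundles an old struts2-core."""
    war = make_zip({"WEB-INF/web.xml": b"<web-app/>",
                    "WEB-INF/lib/commons-io-2.2.jar": b"",
                    "WEB-INF/lib/struts2-core-2.3.31.jar": b""})
    return make_zip({"app.war": war,
                     "lib/struts2-core-2.3.32.jar": b"",
                     "lib/struts2-core-2.5.10.jar": b""})

if __name__ == "__main__":
    for path, version, status in find_struts(build_sample()):
        print(f"{status:15} {version:8} {path}")
```

An empty result means no jar with that name was found in the archive; a renamed or shaded copy of the library would not be detected by a filename check.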